Merge branch 'master' into sverker/enif_select

Conflicts: erts/emulator/beam/erl_binary.h erts/emulator/beam/erl_monitors.c erts/emulator/beam/erl_nif.c erts/emulator/beam/global.h erts/emulator/test/nif_SUITE_data/nif_SUITE.c
author: Sverker Eriksson <[email protected]> 2017-02-20 20:06:28 +0100
committer: Sverker Eriksson <[email protected]> 2017-02-20 20:06:28 +0100
commit: 82d3513f95198b0a4295ba866a78ae6c137a34d5 (patch)
tree: b45aee60996f1054e15308defddc8e96e8ef91b8 /lib/ssh/doc/src
parent: 5adbf961a3c79a6782f8be8336ec26594754e9e8 (diff)
parent: 32a74e6c83cd110b8e8ab714be4365c0da558fca (diff)
download: otp-82d3513f95198b0a4295ba866a78ae6c137a34d5.tar.gz
otp-82d3513f95198b0a4295ba866a78ae6c137a34d5.tar.bz2
otp-82d3513f95198b0a4295ba866a78ae6c137a34d5.zip
2 files changed, 49 insertions, 18 deletions
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index 6b49f89449..f6e26f5ee8 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -153,7 +153,7 @@
 	  <item>
 	  <p>IP version to use.</p>
 	  </item>
-          <tag><c><![CDATA[{user_dir, string()}]]></c></tag>
+          <tag><marker id="opt_user_dir"></marker><c><![CDATA[{user_dir, string()}]]></c></tag>
 	  <item>
 	    <p>Sets the user directory, that is, the directory containing
 	    <c>ssh</c> configuration files for the user, such as
@@ -175,22 +175,48 @@
 	    supplied with this option.
 	    </p>
 	  </item>
-          <tag><c><![CDATA[{silently_accept_hosts, boolean() | accept_fun() | {crypto:digest_type(), accept_fun()} }]]></c>
-	  <br/>
-	  <c><![CDATA[accept_fun() :: fun(PeerName::string(), FingerPrint::string()) -> boolean()]]></c>
+          <tag>
+            <c><![CDATA[{silently_accept_hosts, boolean()}]]></c> <br/>
+            <c><![CDATA[{silently_accept_hosts, CallbackFun}]]></c> <br/>
+            <c><![CDATA[{silently_accept_hosts, {HashAlgoSpec, CallbackFun} }]]></c> <br/>
+            <br/>
+	    <c><![CDATA[HashAlgoSpec = crypto:digest_type() | [ crypto:digest_type() ] ]]></c><br/>
+	    <c><![CDATA[CallbackFun = fun(PeerName, FingerPrint) -> boolean()]]></c><br/>
+	    <c><![CDATA[PeerName = string()]]></c><br/>
+	    <c><![CDATA[FingerPrint = string() | [ string() ] ]]></c>
 	  </tag>
 	  <item>
-	    <p>When <c>true</c>, hosts are added to the
-	    file <c><![CDATA[known_hosts]]></c> without asking the user.
-	    Defaults to <c>false</c> which will give a user question on stdio of whether to accept or reject a previously
-	    unseen host.</p>
-	    <p>If the option value is has an <c>accept_fun()</c>, that fun will called with the arguments
-	    <c>(PeerName, PeerHostKeyFingerPrint)</c>.  The fingerprint is calculated on the Peer's Host Key with
-	    <seealso marker="public_key:public_key#ssh_hostkey_fingerprint-1">public_key:ssh_hostkey_fingerprint/1</seealso>.
-	    </p>
-	    <p>If the <c>crypto:digest_type()</c> is present, the fingerprint is calculated with that digest type by the function
-	    <seealso marker="public_key:public_key#ssh_hostkey_fingerprint-2">public_key:ssh_hostkey_fingerprint/2</seealso>.
-	    </p>
+            <p>This option guides the <c>connect</c> function how to act when the connected server presents a Host 
+            Key that the client has not seen before. The default is to ask the user with a question on stdio of whether to
+            accept or reject the new Host Key.
+            See also the option <seealso marker="#opt_user_dir"><c>user_dir</c></seealso>
+            for the path to the file <c>known_hosts</c> where previously accepted Host Keys are recorded.
+            </p>
+            <p>The option can be given in three different forms as seen above:</p>
+	    <list>
+	      <item>The value is a <c>boolean()</c>.  The value <c>true</c> will make the client accept any unknown
+              Host Key without any user interaction.  The value <c>false</c> keeps the default behaviour of asking the
+              the user on stdio.
+              </item>
+              <item>A <c>CallbackFun</c> will be called and the boolean return value <c>true</c> will make the client
+              accept the Host Key. A return value of <c>false</c> will make the client to reject the Host Key and therefore
+              also the connection will be closed. The arguments to the fun are:
+              <list type="bulleted">
+	        <item><c>PeerName</c> - a string with the name or address of the remote host.</item>
+                <item><c>FingerPrint</c> - the fingerprint of the Host Key as 
+                <seealso marker="public_key:public_key#ssh_hostkey_fingerprint-1">public_key:ssh_hostkey_fingerprint/1</seealso>
+                calculates it.
+                </item>
+              </list>
+              </item>
+              <item>A tuple <c>{HashAlgoSpec, CallbackFun}</c>. The <c>HashAlgoSpec</c> specifies which hash algorithm
+                shall be used to calculate the fingerprint used in the call of the <c>CallbackFun</c>. The <c>HashALgoSpec</c>
+                is either an atom or a list of atoms as the first argument in
+                <seealso marker="public_key:public_key#ssh_hostkey_fingerprint-2">public_key:ssh_hostkey_fingerprint/2</seealso>.
+                If it is a list of hash algorithm names, the <c>FingerPrint</c> argument in the <c>CallbackFun</c> will be 
+                a list of fingerprints in the same order as the corresponding name in the <c>HashAlgoSpec</c> list.
+              </item>
+            </list>
 	  </item>
 	  <tag><c><![CDATA[{user_interaction, boolean()}]]></c></tag>
 	  <item>
@@ -200,7 +226,7 @@
 	    supplying a password. Defaults to <c>true</c>.
 	    Even if user interaction is allowed it can be
 	    suppressed by other options, such as <c>silently_accept_hosts</c>
-	    and <c>password</c>. However, those optins are not always desirable
+	    and <c>password</c>. However, those options are not always desirable
 	    to use from a security point of view.</p>
 	  </item>
 
diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml
index 5cc4c24889..5f710decc1 100644
--- a/lib/ssh/doc/src/ssh_app.xml
+++ b/lib/ssh/doc/src/ssh_app.xml
@@ -146,7 +146,10 @@
 	  <item>diffie-hellman-group-exchange-sha1</item>
 	  <item>diffie-hellman-group-exchange-sha256</item>
 	  <item>diffie-hellman-group14-sha1</item>
-	  <item>diffie-hellman-group1-sha1</item>
+	  <item>diffie-hellman-group14-sha256</item>
+	  <item>diffie-hellman-group16-sha512</item>
+	  <item>diffie-hellman-group18-sha512</item>
+	  <item>(diffie-hellman-group1-sha1, retired: can be enabled with the <c>preferred_algorithms</c> option)</item>
 	</list>
       </item>
 
@@ -157,7 +160,7 @@
 	  <item>ecdsa-sha2-nistp384</item>
 	  <item>ecdsa-sha2-nistp521</item>
 	  <item>ssh-rsa</item>
-	  <item>ssh-dss</item>
+	  <item>(ssh-dss, retired: can be enabled with the <c>preferred_algorithms</c> option)</item>
 	</list>
       </item>
 
@@ -306,6 +309,8 @@
       <p>Comment: Defines hmac-sha2-256 and hmac-sha2-512
       </p>
       </item>
+
+      <item>Work in progress: <url href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2">https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-05</url>, Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)</item>
       
     </list>
author	Sverker Eriksson <[email protected]>	2017-02-20 20:06:28 +0100
committer	Sverker Eriksson <[email protected]>	2017-02-20 20:06:28 +0100
commit	82d3513f95198b0a4295ba866a78ae6c137a34d5 (patch)
tree	b45aee60996f1054e15308defddc8e96e8ef91b8 /lib/ssh/doc/src
parent	5adbf961a3c79a6782f8be8336ec26594754e9e8 (diff)
parent	32a74e6c83cd110b8e8ab714be4365c0da558fca (diff)
download	otp-82d3513f95198b0a4295ba866a78ae6c137a34d5.tar.gz otp-82d3513f95198b0a4295ba866a78ae6c137a34d5.tar.bz2 otp-82d3513f95198b0a4295ba866a78ae6c137a34d5.zip